Requirements
User and Roles
- Employee
- DevOps
- Config Manager
Base
- System components (like httpd) should be installable and configurable by configuration data.
- DevOps should be able to install System Components with as little configuration as possible.
Configuration
Validation
- req0090 CM System validates configuration ahead of applying.
Dimension Multitenancy
- req0184 Multi Tenant configuration
- Multi Tenant configuration can be handled separately per tenant
Configuration, Defaults and Overwrite-Order
- req0049 CM System provides Configurations Override Hierarchy (NonFunctional).
- CM System overwrites (changes a value or deletes) on the level of a single property.
- Configuration overwrite is resolved in the following order (the topmost available config overwrites those below it):
- tenant / instance config
- tenant / server config
- tenant / default config
- module / nesting module default config
- module / nested module default config
- The following dimensions are used for resolving overwrite:
- Tenant Configuration: With the following properties
- Tenant Configuration can be authorized discretely.
- Config Manager can use tenant defaults
- Config Manager can use server config
- Config Manager can use instance config
- Module Default Configuration: With the following properties
- Each module has to provide a useful default configuration
- Modules can overwrite default config of nested modules.
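The override order above can be exercised with a small resolver. This is an added example, not code from the CM system itself; the layer names, the `DELETE` marker and the sample httpd properties are assumptions made for illustration, and all layers are assumed to agree on which keys are leaf properties.

```python
# Added example; layer names and the DELETE marker are assumptions.
DELETE = object()  # a layer sets a property to this to delete an inherited value

# Precedence from the requirement above, highest first.
ORDER = ["tenant/instance", "tenant/server", "tenant/default",
         "module/nesting-default", "module/nested-default"]

def flatten(cfg, prefix=()):
    """Yield (path, value) per leaf so overwrites apply to single properties."""
    for key, val in cfg.items():
        path = prefix + (key,)
        if isinstance(val, dict):
            yield from flatten(val, path)
        else:
            yield path, val

def resolve(layers):
    """Return ({path: value}, {path: deciding layer}) for the layers present."""
    unknown = set(layers) - set(ORDER)
    if unknown:  # reject misspelled layers instead of silently ignoring them
        raise ValueError(f"unknown config layer(s): {sorted(unknown)}")
    values, source = {}, {}
    # Apply the lowest precedence first so higher layers overwrite or delete.
    for name in reversed(ORDER):
        for path, val in flatten(layers.get(name, {})):
            if val is DELETE:
                values.pop(path, None)
            else:
                values[path] = val
            source[path] = name  # records who set or deleted the property
    return values, source

# Constructed sample: a nesting module and one tenant configuring httpd.
SAMPLE = {
    "module/nested-default": {"httpd": {"listen": 80, "max-clients": 150,
                                        "server-tokens": "Full"}},
    "module/nesting-default": {"httpd": {"listen": 443,
                                         "server-tokens": "Prod"}},
    "tenant/default": {"httpd": {"max-clients": 300}},
    "tenant/instance": {"httpd": {"max-clients": DELETE,
                                  "log-format": "combined"}},
}

if __name__ == "__main__":
    values, source = resolve(SAMPLE)
    for path in sorted(source):
        print(".".join(path), "=", values.get(path, "<deleted>"), "from", source[path])
```

The `source` map shows which layer decided each property, including deletions, which helps when reviewing why a hardened module default did or did not reach a tenant's node.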
State Management & Version
- State should be stored in a defined place
- req0091 CM System reads version of already applied configurations from target system.
- req0092 CM System writes version of currently applied configuration to target system.
Runtime
Distribution
- Configuration Distribution
- System pushes configuration from a central system to nodes.
- Configuration receiver has the following prerequisites:
- Running SSH server
- Credentials known by configuration management system
- Bash is available.
- System delivers only the node-specific configuration to target nodes. Other nodes' security-relevant data (like SSL keys, credentials, configuration information) stays central.
- Configuration for developer client nodes should be pulled from the configuration management repository. Developers should be able to apply their own configuration of their developer clients themselves.
System Adapters
httpd / WebServer
Basic Functionality
- req0032 System configures the ListeningPorts
- req0031 System configures the central security-settings for production grade environments.
- req0030 System configures logging formats.
- req0037 MaxClients, Upload sizes are configurable
- req0033 System installs & configures modules.
- Supported modules are:
- modGnutls
- modjk
- proxy
- rewrite
VHost
- req0035 Redirect http -> https
- Module provides for each vhost a http and a https configuration. The http configuration redirects all requests to https.
- req0034 VHost is NameBased or IP/Port-Based
- req0036 Document Root is configurable
req0039 Module supports multi-tier maintenance page
req0040 Module supports Google's site ownership validation
- The Admin configures the Google validation id.
- In the configuration phase, the Module
- generates a static html file for the given id,
- considers the static id on all supported modules (mod_jk, mod_proxy, authentication)
Module specific Configurations
- req0038 System configures GnuTls module for VHost
- Config Manager configures the vhost's certificates
- System provides a default cipher configuration passing SSLLabs tests
- req0041 Module supports mod_jk
- Admin can mount url-paths to worker-spec
- Admin can unmount subpaths from worker-spec
- Admin can configure worker-spec
Load Test
Convention Adapters
Module Liferay
Basic Functionality
Installation (phase :install)
The system installs a default liferay.
"Default Liferay" definition contains the following determinations:
- webserver apache2.4 is doing the https
- database mysql
- document repository is filebased
- application server: tomcat is used, liferay is deployed as war file.
- simple backup: mysql & document repository are backed up.
The system installs liferay with the following layout:
- hot deploy: /var/lib/liferay/deploy
- document repository: /var/lib/liferay/data
- prepare rollout: /var/lib/liferay/prepare-rollout
- additional third party libs: /var/lib/liferay/lib
- ext-properties: /var/lib/liferay/portal-ext.properties
- support scripts: /var/lib/liferay
- apache log: /var/log/apache2
- tomcat log: /var/log/tomcat
- mysql log: /var/log/mysql
Release Management (phase :prepare-rollout)
In order to prepare rollouts, the system transports the new software version to the target system. A software version consists of
- the liferay main application
- hooks, portlets, layouts and themes
The release management scripts support two modes:
- hotdeployment (portlets, layouts and themes),
- fulldeploy (main application)
The release management script removes application parts not belonging to the installed release.
Configuration (phase :configure)
- The system configures the liferay installation in the following aspects
- webserver: vhost, certificates, htaccess credentials, module configurations
- application: portal-ext.properties
Managed Desktop Foundations
User Basics
- req0082 User and Password
- Password is initially set by CM system
VM interaction
- req0070 VM Integration
- Clipboard, Drag&Drop, Resolution Resizing, Shared Folders
Office Integration
req0071 Office Suite LibreOffice
req0074 VersionManagement
- clone Plain Repositories
req0076 DesktopWiki
Solution
- anacron
- zim
- git
Communication
Convenience
Managed IDE
Operating System
- req0095 IDE is based on Xubuntu14.04.02
Development Basics
- req0088 Diff
- meld
Java Development
- req0077 Java
- req0078 BuildManagement
- Leiningen, Gradle, Ant
- req0079 UML-Tools
- req0080 Eclipse
- WorkspaceMechanics
- Saros
- ProjectSpecific Configurations
Ops
- req0073 PasswordUtils
Communication
- req0085 Madeye
Managed Office Desktop
Office Integration
- req0094 Office Client is based on Kubuntu14.04.02
- req0072 KMail for Mail, Calendar and Contacts
Credentials Security
Hard Crypto
- req0227 DevOps can encrypt secrets associated with his identity.
- req0228 DevOps has to provide passphrase and private key for runtime decryption.
Configuration Sources
- req0226 DevOps can store all credentials in VCS, secrets are protected by crypto.
- req0229 DevOps can store credentials in his user home in ~/.pallet/config.clj or in PALLET_HOME/config.clj
- req0230 DevOps can use his ssh credentials from current execution-context instead of configured credentials.